Policies

Privacy

The Australian Digital Health Agency (the Agency) protects personal information it collects and handles in accordance with the Australian Privacy Principles contained in the Privacy Act 1988 (Cth) (Privacy Act). This privacy policy sets out how the Agency collects and handles personal information.

What is personal information?

Personal information is information or an opinion about an identified individual, or an individual who is reasonably identifiable.

Why does the Agency collect and handle personal information?

Like many organisations, the Agency collects personal information in order to communicate with people and meet its business obligations and objectives.

Whose personal information does the Agency collect?

The Agency may collect personal information about:

individuals who contact the Agency with an enquiry;

individuals who act on behalf of a healthcare organisation and apply to register for digital health services through the Agency;

individuals who deal with the Agency as part of consultation, including a reference group or as a representative of a stakeholder organisation;

the Agency's business associates;

goods and services providers (including contractors);

current and former employees; and

job applicants.

How does the Agency collect personal information?

The Agency may collect personal information from an individual:

by telephone, facsimile, mail or email;

via Australian Digital Health Agency (the Agency) website, or other websites owned or operated by the Agency; and/or

in person.

Wherever possible, the Agency will collect information directly from an individual. Where the Agency collects personal information from a third party, it will take reasonable steps to inform the individual to whom the personal information relates about the collection. The Agency will assume that any referee information that a job applicant or prospective contractor provides as part of their application for employment or engagement with the Agency has been supplied with the consent of the relevant individual.

What personal information does the Agency collect?

The types of personal information that the Agency may collect include:

name and other identifying information about the individual (this may include evidence of identity (EOI) where the individual is applying to register for digital health services through the Agency and in other limited circumstances);

job title;

contact information such as address, email and contact number;

images of an individual;

Healthcare Provider Identifiers;

resumes and other work history information provided to the Agency;

employee records; and

bank account details (e.g. in order to pay employees, contractors and suppliers).

Does the Agency collect sensitive personal information?

The Agency may collect sensitive information (including health information), as defined by the Privacy Act, where it is permitted by law to do so, including with an individual's consent or where collection is required or authorised by law.

Where relevant, this may include:

information about an individual's membership of a professional association, for example, where an individual represents a professional association in their dealings with the Agency or includes that information as part of a job application;

an individual's Healthcare Provider Identifier where the Agency assists a healthcare organisation to register for digital health services; and

health information where First Aid is administered to an individual on Agency premises.

How does the Agency use and disclose personal information?

The Agency may use the personal information it collects in order to:

respond to enquiries and otherwise engage with stakeholders;

support a healthcare organisation to apply to register for digital health services;

communicate information to an individual about any initiative offered by or associated with the Agency, including invitations to consultation or engagement events;

provide marketing information about goods, services, events or initiatives which may be of interest;

conduct business with its business associates and contractors;

manage its employment relationships and responsibilities;

engage and manage its workforce; and/or

deliver its functions and meet its legal obligations.

Individuals who receive marketing materials from the Agency may opt out of further communications of this nature.

Where the Agency collects personal information and/or Healthcare Provider Identifiers as part of supporting a healthcare organisation to apply to register for digital health services, the Agency will disclose that information to the Department of Human Services. If an individual applying to register for digital health services chooses to verify their identity with the Agency via the Document Verification Service (DVS), the Agency will disclose the personal information the individual providers (for example, passport number) via DVS to the government issuer, who will verify whether the information provided matches the information held by the issuer.

Otherwise, the Agency will only disclose personal information about an individual where it is permitted by law to do so, including with that individual's consent or where disclosure is required or authorised by law.

Information provided via the internet

The security of any information provided to the Agency via the internet cannot be assured as the internet is not a secure environment. Individuals should protect their own personal information appropriately.

Cookies and location information

A cookie is a very small text file which is stored on an individual's computer hard drive, or other access device, when a user first visits a website. Cookies may be used on the Agency websites, including www.digitalhealth.gov.au. When a user returns to a website owned by the Agency, the cookie enables the Agency to register that same browser on which the cookie is stored has returned. Cookies help the Agency to improve its website and monitor internet traffic. You can block cookies by activating a setting on your browser that allows you to refuse the setting of all or some cookies, however, if you block all cookies you may not be able to use the full functionality of our websites.

In addition to cookies, the Agency may collect information from you such as your computer's IP (internet protocol) address. When you sign up to receive downloads from our websites, the Agency may also collect geolocation data associated with your IP address, which will identify your region or city. No attempt will be made to identify users or their browsing activities, except where required by or authorised under law.

Access and correction

Individuals have the right to request access to and/or correct the personal information that the Agency holds about them. If you wish to request access or a correction of your personal information, please contact the Agency's Privacy Team at the address set out below. The Agency may request evidence of your identity before granting a request for access or correction.

Enquiries and complaints

If you wish to make an enquiry or complaint relating to the handling of your personal information, please contact the Agency's Privacy Team at the address set out below. If you have a complaint, the Agency will respond as quickly as possible and inform you of the progress of your complaint. The Agency may collect additional personal information to investigate and resolve your complaint.

Contact Us

By operation of the Public Governance, Performance and Accountability (Establishing the
Australian Digital Health Agency) Rule 2016, on 1 July 2016, all the assets and
liabilities of NEHTA will vest in the Australian Digital Health Agency. In this website, on and
from 1 July 2016, all references to "National E-Health Transition Authority" or "NEHTA" will be
deemed to be references to the Australian Digital Health Agency. PCEHR means the My Health
Record, formerly the "Personally Controlled Electronic Health Record", within the meaning of the
My Health Records Act 2012 (Cth), formerly called the Personally Controlled
Electronic Health Records Act 2012 (Cth).